- Introduction to Systems Security
- Learning Objectives
- 2010 Computer Crime and Security Survey (2010 CSI Security Report)
- 2009 CSI Report: Types of attacks or Misuse in last 12 months
- CSI Survey: financial loss
- Attack Trends
- CSI Survey: Security monitoring
- CSI Survey: Defense Technology
- 2011 Sophos Security Threat Report
- Slide 10
- Slide 11
- Slide 12
- Slide 13
- Other Empirical Attack Data
- Summary Questions (Part 1)
- Systems attackers
- Slide 17
- Slide 18
- Slide 19
- Slide 20
- Summary Questions (Part 2)
- Attacks preps: examining email headers
- Slide 23
- Slide 24
- Attacks preps: looking for targets
- Attacks preps: identifying targets
- Framework for Attacks
- Dialog attack: Eavesdropping
- Dialog attack: Message Alteration
- Dialog attack: Impersonation
- Encryption: Protecting against eavesdropping and message alteration
- Authentication: Protecting against Impersonation
- Secure Dialog System: Protecting against all dialog attacks
- Break-in attack
- Flooding Denial-of-Service (DoS) attack
- Firewalls: Protecting against break-ins and DoS
- Intrusion Detection System (IDS): Protecting against break-ins and DoS
- Slide 38
- Other defense measures
- Summary Questions (Part 3)

Slide 1: Introduction to Systems Security
(January 11, 2012)
© Abdou Illia – Spring 2012

Slide 2: Learning Objectives
- Discuss main security threats
- Discuss types of systems’ attacks
- Discuss types of defense systems

Slide 3: 2010 Computer Crime and Security Survey (2010 CSI Security Report)
- Survey conducted by the Computer Security Institute (http://www.gocsi.com).
- Copy of Survey report on course web site
- Based on replies from 494 U.S. Computer Security Professionals.
- Survey Summary online

Slide 4: 2009 CSI Report: Types of attacks or Misuse in last 12 months

Slide 5: CSI Survey: financial loss
- 2007: $66,930,950 reported by 194 respondents

Slide 6: Attack Trends
- Growing Incident Frequency until 2001
  - Incidents reported to the Computer Emergency Response Team/Coordination Center
    - 1998: 3,474
    - 1999: 9,859
    - 2000: 21,756
    - 2001: 52,658
    - 2001-Present: Decline in # of attacks
- Growing Malevolence since 2000
  - Most early attacks were not malicious
  - Malicious attacks are the norm today

Slide 7: CSI Survey: Security monitoring

Slide 8: CSI Survey: Defense Technology

Slide 9: 2011 Sophos Security Threat Report
- Report focused on Sophos’ security software
- General discovery*
* Infected USB drives take advantage of computers that have auto-run enabled, which allows the automated execution of code contained on the flash drive.

Slide 10: 2011 Sophos Security Threat Report
- Malware* hosted on websites
* Malicious software

Slide 11: 2011 Sophos Security Threat Report
- Malware hosting countries

Slide 12: 2011 Sophos Security Threat Report
- Spam-relaying countries
- Climbing the list year after year

Slide 13: 2011 Sophos Security Threat Report
- Web server’s software affected
- As of March 2010 Apache served 58% of all web servers
- Apache available for Microsoft Windows, Novell NetWare and Unix-like OS
[Diagram: Web server computer. Web server software (Apache, IIS, SunONE); Operating System; Computer hardware (HD, RAM chip, Processor)]

Slide 14: Other Empirical Attack Data
- SecurityFocus
  - Data from 10,000 firms in 2010
- Attack Targets
  - 31 million Windows-specific attacks
  - 22 million UNIX/LINUX attacks
  - 7 million Cisco IOS attacks
- All operating systems are attacked!

Slide 15: Summary Questions (Part 1)
1. What does malware refer to?
2. Systems running Microsoft operating systems are more likely to be attacked than others. T F
3. With Windows OS, you can use IIS or another web server software like Apache. T F
4. What web server software is most affected by web threats today?
5. What types of email-attached files could/could not hide a malware?
6. Could USB drives be used as means for infecting a system with malware? How?

Slide 16: Systems attackers
- Hacking: intentional access without authorization or in excess of authorization
- Elite Hackers
  - Characterized by technical expertise and dogged persistence, not just a bag of tools
  - Use attack scripts to automate actions, but this is not the essence of what they do
  - Could hack to steal info, to do damage, or just to prove their status
Attackers:
- Elite Hackers
- Script Kiddies
- Virus writers & releasers
- Corporate employees
- Cyber vandals
- Cyber terrorists

Slide 17: Systems attackers
- Elite Hackers (cont.)
  - Black hat hackers break in for their own purposes
  - White hat hackers can mean multiple things
    - Strictest: Hack only by invitation as part of vulnerability testing
    - Some hack without permission but report vulnerabilities (not for pay)
  - Ethical hackers
    - Hired by organizations to perform hacking activities in order to
      - Test the performance of systems’ security
      - Develop/propose solutions

Slide 18: Systems attackers
- Script Kiddies
  - “Kids” that use pre-written attack scripts (kiddie scripts)
  - Called “lamers” by elite hackers
  - Their large number makes them dangerous
  - Noise of kiddie script attacks masks more sophisticated attacks

Slide 19: Systems attackers
- Virus Writers and Releasers
  - Virus writers versus virus releasers
  - Writing virus code is not a crime
  - Only releasing viruses is punishable

Slide 20: Systems attackers
- Cyber vandals
  - Use networks to harm companies’ IT infrastructure
  - Could shut down servers, slow down eBusiness systems
- Cyber warriors
  - Massive attacks* by governments on a country’s IT infrastructure
- Cyber terrorists
  - Massive attacks* by nongovernmental groups on a country’s IT infrastructure
- Hacktivists
  - Hacking for political motivation
* Multi-pronged attacks: release virus, active hacking, attacking Internet routers, etc.

Slide 21: Summary Questions (Part 2)
1. What is meant by elite hacker, white hat hacker, ethical hacker?
2. What is the difference between script kiddies and elite hackers?
3. Is releasing a virus a crime in the U.S.?
4. What is the difference between cyber war and cyber terrorism?

Slide 22: Attacks preps: examining email headers
Received: from hotmail.com (bay103-f21.bay103.hotmail.com [65.54.174.31]) by barracuda1.eiu.edu (Spam Firewall) with ESMTP id B10BA1F52DC for <[email protected]>; Wed, 8 Feb 2006 18:14:59 -0600 (CST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Wed, 8 Feb 2006 16:14:58 -0800
Message-ID: <[email protected]>
Received: from 65.54.174.200 by by103fd.bay103.hotmail.msn.com with HTTP; Thu, 09 Feb 2006 00:14:58
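
When triaging a message, a defender reads a Received chain like the one above from the bottom up, since each relay prepends its own line. The following is an added example, not part of the original slides: the sample message, its host names and addresses, and the function names `trace`, `hop_delays` and `observed_peer` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample (not the page's message): reserved example hosts and IPs.
SAMPLE = """\
Received: from mx.sender.example (out7.sender.example [192.0.2.31])
    by gw1.campus.example (Spam Firewall) with ESMTP id B10BA1F52DC
    for <user@campus.example>; Wed, 8 Feb 2006 18:14:59 -0600 (CST)
Received: from mail pickup service by mx.sender.example with Microsoft SMTPSVC;
    Wed, 8 Feb 2006 16:14:58 -0800
Received: from 198.51.100.200 by web3.sender.example with HTTP;
    Thu, 09 Feb 2006 00:14:50 +0000
Subject: constructed sample

body
"""

HOP_RE = re.compile(r"from\s+(?P<src>.+?)\s+by\s+(?P<by>\S+)(?:\s+\(.*?\))?"
                    r"\s+with\s+(?P<proto>.+?)(?=\s+(?:id|for)\b|$)")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def trace(raw):
    """Return hops oldest-first; each relay prepends, so the top line is newest."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())             # undo header folding
        clauses, _, stamp = flat.rpartition(";")   # the date follows the last ';'
        m = HOP_RE.search(clauses.strip())
        if not m:
            continue                               # format this sketch does not cover
        ip = IP_RE.search(m["src"])
        when = parsedate_to_datetime(re.sub(r"\(.*?\)", "", stamp).strip())
        hops.append({"from": m["src"], "by": m["by"], "proto": m["proto"],
                     "ip": ip.group() if ip else None, "time": when})
    return hops

def hop_delays(hops):
    """Seconds between consecutive hops; a negative value means skew or forgery."""
    return [(b["time"] - a["time"]).total_seconds() for a, b in zip(hops, hops[1:])]

def observed_peer(hops, own_hosts):
    """IP recorded by the first hop that one of our own servers stamped.
    Lines below that hop were written by outside systems and can be forged."""
    for hop in hops:
        if hop["by"] in own_hosts:
            return hop["ip"]
    return None
```

Only the line added by the receiving organization's own gateway is trustworthy; everything beneath it is data supplied by the sending side.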